
General

  • Target: Wiprelyokcawpj.zip
  • Size: 547KB
  • Sample: 231010-jrkl1sea87
  • MD5: 901b8654876e375b058f3cbd222d4f93
  • SHA1: 132323eb4fad3dd7ece0daec2336c41dc71bb2ee
  • SHA256: 9f871875ab9d8e491042f763031d779a5168e7cdff65b4e9ce180331f6e7b36f
  • SHA512: c4f0addf599953482fbc2fdf40895960a9b212db06370e1e515fcce08acaa4d734a6ac9e33a5070140986007b75ea7b1a155d4feaa25fb395cbae6166ecc2870
  • SSDEEP: 12288:j6fD05KbZNmj35LrikbBDzXDjzaGXb7na4:jI0sbfmjJblzDjuGX3nd

Malware Config

Extracted

  • Family: formbook
  • Version: 4.1
  • Campaign: fadc
  • Decoy:

Targets

    • Target: Wiprelyokcawpj.exe
    • Size: 1.3MB
    • MD5: 14239e8403667595f401b4971c28b3db
    • SHA1: 9b1afe3640abcde93657ff00d7ccf91efb7e652c
    • SHA256: 25c965edd039ebc00529a936e066f34149b4bb69c59c7a4fb575849584a71dda
    • SHA512: fa4f817274d8c81581e79454c43ff704d1017f0ea7017a8422d9c4e897810d5c1108047082fe325391ba580f823e2d954d81e7774231ede4cb621226d2738b55
    • SSDEEP: 24576:vUrkF9ZT6xy9M7HCZmFq/wbgKcQrE/k2+gL5:vUwVk2XL

    • Formbook: Formbook is an information-stealing malware family.
    • ModiLoader, DBatLoader: ModiLoader is a Delphi-based loader that abuses cloud services to download other malicious families.
    • Formbook payload
    • ModiLoader Second Stage
    • Adds Run key to start application
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks